The scam email hit a large number of inboxes in a short space of time this morning, starting at 9.05am.

The savvy cybercriminals leave little to chance in their efforts to dupe victims.

The formatting, grammar and branding are near-perfect.

Cheekily, they even include a security notice advising that ‘ANZ will not send you an email or SMS asking you to verify account details, financial details or login details for ANZ Phone Banking, ANZ Internet Banking or ANZ Mobile Banking’.

This advice is included on legitimate statement emails from ANZ, and references well-known scams designed to lure people into handing over access to their online accounts.

Here's the fake statement email:

And here's a legitimate ANZ statement email, sent in recent weeks:

How to tell this is a fake

Two key things set apart the fake from a legitimate ANZ statement email.

ANZ bank, following industry best practice, tells its customers their statement is available and to log on to ANZ Internet Banking to view it.

But the scam version has a ‘View statement’ button. This button launches the download of malware onto a victim’s system. The malware takes the form of a .ZIP archive file containing a malicious JavaScript file.

But those who hover over the address can see that the real address is different: statements @ anzhost.org. This is where the email really comes from.
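Both tell-tale signs can be checked automatically at a mail gateway or during triage. The Python below is an added example, not code from MailGuard or ANZ: it flags a sender whose display name claims a brand but whose address sits outside that brand's domains, and lists script files inside a ZIP without extracting them. The allow-list entry (anz.com), the display name, the subject, the file name statement.js and the extra script extensions are assumptions or constructed sample values.

```python
import io
import zipfile
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the brand really sends from; replace with your own allow-list.
BRAND_DOMAINS = {"anz": {"anz.com"}}
# Script types that should not arrive inside a "statement" archive.
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".wsf", ".hta")


def sender_mismatch(raw_email):
    """Return the real sender domain if the display name claims a brand
    but the address belongs to a domain outside that brand's allow-list."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower():
            ok = any(domain == d or domain.endswith("." + d) for d in allowed)
            return None if ok else domain
    return None


def script_members(zip_bytes):
    """List script files inside a ZIP without extracting or running them."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if n.lower().endswith(SCRIPT_EXTS)]


# Constructed sample: header modelled on the address quoted in the article.
SAMPLE_EMAIL = (
    "From: ANZ Statements <statements@anzhost.org>\n"
    "To: customer@example.com\n"
    "Subject: Your statement is available\n"
    "\n"
    "View statement\n"
)


def build_sample_zip():
    """Constructed archive holding one harmless placeholder .js file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("statement.js", "// placeholder, not real malware\n")
    return buf.getvalue()


if __name__ == "__main__":
    print("spoofed sender domain:", sender_mismatch(SAMPLE_EMAIL))
    print("script files in archive:", script_members(build_sample_zip()))
```

The brand match is a simple substring test on the display name, so treat a hit as a reason to quarantine and review rather than as proof of fraud.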

While MailGuard customers are protected against this, many Australians will be vulnerable.

Scams step up in scale

The past month has seen a huge uptick in fraud emails, both in frequency and scale. An enormous ASIC malware attack yesterday inundated inboxes for 24 hours, while Origin Energy, MYOB, Energy Australia and Westpac have also had their brands leveraged.

Advice from ANZ on reporting fraud

“Quick rule of thumb: if it sounds too good to be true, it probably is,” ANZ advises.

“Delete the email or SMS immediately. Please contact the ANZ helpdesk immediately if you have:

Clicked on any links or downloaded any attachments

Responded to the hoax email, SMS or phone call with your banking details

Noticed any unusual payments.”

For a few dollars per staff member per month, add MailGuard's cloud-based email and web security to your business security. You’ll significantly reduce the risk of new variants of malicious email entering your network.